diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-15 21:55:33 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-01-15 21:55:33 +0300 |
commit | f4e087c666f54559cb4e530af1fbfc9967e14a15 (patch) | |
tree | 0115522f1539abf8e62d262d571210ea5f300a1d /drivers | |
parent | dcda487c9c2e80ad177cdc34ae2068bbe5dada07 (diff) | |
parent | 179892adb0436139fd8e6af7b27f54219c1750f8 (diff) | |
download | linux-f4e087c666f54559cb4e530af1fbfc9967e14a15.tar.xz |
Merge tag 'acpi-5.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fixes from Rafael Wysocki:
"These address a device ID bounds check error in the device enumeration
code and fix a mistake in the documentation.
Specifics:
- Harden the ACPI device enumeration code against device ID length
overflows to address a Linux VM cash on Hyper-V (Dexuan Cui).
- Fix a mistake in the documentation of error type values for PCIe
errors (Qiuxu Zhuo)"
* tag 'acpi-5.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Documentation: ACPI: EINJ: Fix error type values for PCIe errors
ACPI: scan: Harden acpi_device_add() against device ID overflows
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/acpi/internal.h | 2 | ||||
-rw-r--r-- | drivers/acpi/scan.c | 15 |
2 files changed, 15 insertions, 2 deletions
diff --git a/drivers/acpi/internal.h b/drivers/acpi/internal.h index cb229e24c563..e6a5d997241c 100644 --- a/drivers/acpi/internal.h +++ b/drivers/acpi/internal.h @@ -97,7 +97,7 @@ void acpi_scan_table_handler(u32 event, void *table, void *context); extern struct list_head acpi_bus_id_list; struct acpi_device_bus_id { - char bus_id[15]; + const char *bus_id; unsigned int instance_no; struct list_head node; }; diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c index 80b668c80073..58ff36340cd7 100644 --- a/drivers/acpi/scan.c +++ b/drivers/acpi/scan.c @@ -486,6 +486,7 @@ static void acpi_device_del(struct acpi_device *device) acpi_device_bus_id->instance_no--; else { list_del(&acpi_device_bus_id->node); + kfree_const(acpi_device_bus_id->bus_id); kfree(acpi_device_bus_id); } break; @@ -674,7 +675,14 @@ int acpi_device_add(struct acpi_device *device, } if (!found) { acpi_device_bus_id = new_bus_id; - strcpy(acpi_device_bus_id->bus_id, acpi_device_hid(device)); + acpi_device_bus_id->bus_id = + kstrdup_const(acpi_device_hid(device), GFP_KERNEL); + if (!acpi_device_bus_id->bus_id) { + pr_err(PREFIX "Memory allocation error for bus id\n"); + result = -ENOMEM; + goto err_free_new_bus_id; + } + acpi_device_bus_id->instance_no = 0; list_add_tail(&acpi_device_bus_id->node, &acpi_bus_id_list); } @@ -709,6 +717,11 @@ int acpi_device_add(struct acpi_device *device, if (device->parent) list_del(&device->node); list_del(&device->wakeup_list); + + err_free_new_bus_id: + if (!found) + kfree(new_bus_id); + mutex_unlock(&acpi_device_lock); err_detach: |